what hardware entropy usb key equivalent Simtec entropy key take ?

Pete Stephenson pete at heypete.com
Sun May 25 21:33:30 CEST 2014


http://ubld.it/products/truerng-hardware-random-number-generator/
seems to be the closest I've seen in regards to a "USB stick" form
factor and price. It doesn't use the ekeyd daemon for adding entropy
to the pool, but rather shows up as a virtual serial port and one can
use rngd to feed that data into the kernel pool. I have no personal
experience with that product, but it would seem that even if the
entropy source was compromised in some way, that would not be a major
issue -- rngd does tests to detect biasing (which admittedly won't
catch more subtle manipulation) and /dev/random would stir the pool
with entropy from various sources, so it can only help.

While not a direct, drop-in replacement for the Entropy Key, I found
that a Raspberry Pi and its internal hardware random number generator
makes a good source. The internal HWRNG in the Pi is extremely fast
(>700kbps). I've not personally set up a Pi to share entropy over the
network, but I'd imagine this is something that could be reasonably
done. I only have the HWRNG generating entropy for local use. Anyone
have experience with a network setup?

In regards to getting the Pi's HWRNG set up,
http://vk5tu.livejournal.com/43059.html has all the details.

It's basically three steps:
1. Add "bcm2708_rng" to /etc/modules, then run "modprobe bcm2708_rng"
to activate the module.
2. Install the rng-tools package.
3. Edit /etc/defaults/rng-tools to access the HWRNG and feed the kernel pool.

My /etc/defaults/rng-tools file looks a bit different than that of the
previously-mentioned website. Here's the relevant lines from my file:

###
#Specify the HWRNG device
HRNGDEVICE=/dev/hwrng
# Check the kernel entropy pool once per second, and add HW-generated
# entropy if it drops below 90%.
# You can change these values to whatever you feel would work best for you.
RNGDOPTIONS="--fill-watermark=90% --feed-interval=1"
###

Please note this assumes that the HWRNG has not been subverted,
broken, or doing something unexpected.

I hope this helps.

Cheers!
-Pete

On Sun, May 25, 2014 at 8:57 PM,  <tux.tsndcb at free.fr> wrote:
> Hello all,
>
> As you know, it has not been possible to buy a Simtec entropy USB key for many years, so my question is: what hardware entropy USB key do you recommend now to replace it (not too expensive)?
>
> PS: it needs to be compatible with GNU Linux / Debian
>
> Thanks in advance for your reply.
>
> Best Regards



-- 
Pete Stephenson
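
The message above notes that rngd tests its input for bias but will not catch subtler manipulation. The following is an added example, not part of the original message and not rng-tools code: it implements the four FIPS 140-2 block tests (the family of checks rngd applies to each 20,000-bit block) and runs them on three constructed sources. All function names and sample sources are assumptions made for the illustration.

```python
import random
from itertools import groupby

BLOCK_BYTES = 2500  # FIPS 140-2 tests operate on 20,000-bit blocks
# Allowed count of runs of each length (1..5, and 6 or longer), per bit value.
RUN_LIMITS = {1: (2315, 2685), 2: (1114, 1386), 3: (527, 723),
              4: (240, 384), 5: (103, 209), 6: (103, 209)}

def fips_tests(block):
    """Return {test name: passed} for one 2500-byte block."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("need exactly 2500 bytes")
    bits = "".join(f"{b:08b}" for b in block)
    ones = bits.count("1")
    # Poker: distribution of the 5000 4-bit nibbles.
    freq = [0] * 16
    for b in block:
        freq[b >> 4] += 1
        freq[b & 0x0F] += 1
    poker = 16 / 5000 * sum(f * f for f in freq) - 5000
    # Runs: tally runs of identical bits by (bit value, capped length).
    runs = {(v, n): 0 for v in "01" for n in RUN_LIMITS}
    longest = 0
    for value, group in groupby(bits):
        length = len(list(group))
        longest = max(longest, length)
        runs[(value, min(length, 6))] += 1
    runs_ok = all(RUN_LIMITS[n][0] <= c <= RUN_LIMITS[n][1]
                  for (_, n), c in runs.items())
    return {"monobit": 9725 < ones < 10275,
            "poker": 2.16 < poker < 46.17,
            "runs": runs_ok,
            "long_run": longest < 26}

def predictable_block(seed):
    """Constructed 'subverted' source: seeded PRNG, fully reproducible."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(BLOCK_BYTES))

def biased_block(seed):
    """Constructed faulty source: top bit of every byte stuck at 1."""
    return bytes(b | 0x80 for b in predictable_block(seed))

if __name__ == "__main__":
    for name, block in [("stuck at zero", bytes(BLOCK_BYTES)),
                        ("biased", biased_block(1)),
                        ("predictable", predictable_block(1))]:
        print(f"{name:14}", fips_tests(block))
```

The stuck and biased sources are rejected, while a seeded PRNG block will normally pass every test even though anyone who knows the seed can reproduce it, which is why mixing several sources in the kernel pool matters.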


